Type: Bug
Resolution: Unresolved
Priority: Major
Component/s: packaging
Environment: Rocky Linux 9.3, Jenkins 2.441 installed from RPM
If Jenkins is installed from RPM and the systemd unit has JENKINS_HTTPS_KEYSTORE_PASSWORD set, this exposes the keystore password in the process list.
https://www.jenkins.io/doc/book/installing/initial-settings/#miscellaneous-parameters talks about sensitive parameters, specifically about --httpsKeystorePassword, and recommends the use of --paramsFromStdIn, but Jenkins' own systemd starter doesn't follow that.
IMO, Jenkins systemd starter script should use --paramsFromStdIn if JENKINS_HTTPS_KEYSTORE_PASSWORD is set.
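
A host-side check for the exposure this report describes, as an added example that is not part of the original issue or of Jenkins' packaging: it reads command lines in the `/proc/<pid>/cmdline` layout and reports any process carrying the password option, with the value redacted. The function names, the `--option=value` form and the sample data are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit process command lines for a keystore password.
# Assumption: the password is passed as "--httpsKeystorePassword=<value>"
# (matched case-insensitively), the option named in the report above.

# find_exposed_args FILE
# FILE uses the /proc/<pid>/cmdline layout (arguments separated by NUL).
# Prints each matching option with its value redacted, so the audit
# output does not leak the secret a second time.
find_exposed_args() {
    tr '\0' '\n' < "$1" |
        grep -iE '^--httpsKeystorePassword=.+' |
        sed 's/=.*/=<redacted>/'
}

# scan_proc [ROOT]
# Walks ROOT/<pid>/cmdline (ROOT defaults to /proc) and prints
# "pid <pid>: <option>=<redacted>" for every finding.
scan_proc() {
    root=${1:-/proc}
    for f in "$root"/[0-9]*/cmdline; do
        [ -r "$f" ] || continue          # process exited or glob unmatched
        pid=${f%/cmdline}
        pid=${pid##*/}
        find_exposed_args "$f" | sed "s/^/pid $pid: /"
    done
}

# Constructed sample: a fake /proc tree with one exposed and one clean process.
demo_root=$(mktemp -d)
mkdir "$demo_root/1001" "$demo_root/1002"
printf 'java\0-jar\0jenkins.war\0--httpsPort=8443\0--httpsKeystorePassword=changeit-sample\0' \
    > "$demo_root/1001/cmdline"
printf 'java\0-jar\0jenkins.war\0--httpsPort=8443\0--paramsFromStdIn\0' \
    > "$demo_root/1002/cmdline"
scan_proc "$demo_root"                   # on a real host: scan_proc
rm -rf "$demo_root"
```

On a real host, calling `scan_proc` with no argument walks the live `/proc`; an empty result means no running process has the option on its command line.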